
ASAtoVSX - Translate your Cisco running config to VSX and more!

Hello everyone,

I wanted to share with you a tool that we developed to help us automate a big part of a project.

Long story short, we needed to migrate many virtual contexts from ASA to VSX. As you may know, adding static routes and interfaces to a VS can be cumbersome, especially if you have firewalls with +100 interfaces and +300 routes 😀

The tool was developed in Golang and is open source.

Keep in mind that this tool was developed for our use case, so you may need to tinker around a bit regarding interface names. For example, you may need to replace "bond" with "eth".

Feel free to fork it if you need.

Download: ASAtoVSX Parser - Molten Minds Github 

Current features (Tested with ASA Version 9.4(4)5 and Check Point R80.30)

  • Translates interfaces to vsx_provisioning_tool language
  • Translates static routes to vsx_provisioning_tool language
  • Marks with # when an interface is down
  • Generates a vsx_provisioning_tool output with interfaces and static routes
  • Generates a JSON file containing all the interfaces
  • Generates a JSON file containing all the routes

 

Translation examples

| | ASA | Check Point (vsx_provisioning_tool) |
|---|---|---|
| Interface | `interface Port-channelY.XX`<br>`description ***`<br>`nameif IFNAME`<br>`security-level 30`<br>`ip address 172.**.**.** 255.255.128.0`<br>`!` | `add interface name bondY.XX ip 172.**.**.** netmask 255.255.128.0` |
| Interface (Shutdown) | Interface down case:<br>`interface Port-channelY.XX`<br>`description IFNAME`<br>`shutdown`<br>`nameif IFNAME`<br>`security-level 30`<br>`ip address 10.**.**.** 255.255.255.248`<br>`!` | `#add interface name bondY.XX ip 10.**.**.** netmask 255.255.255.248` |
| Static route | `route IFNAME 10.**.**.** 255.255.255.255 10.**.**.** 1` | `add route destination 10.**.**.** netmask 255.255.255.255 next_hop 10.**.**.**` |
| Default route | `route OUTSIDE 0.0.0.0 0.0.0.0 181.**.**.** 1` | `add route destination default next_hop 186.**.**.**` |

 

Usage

Usage is really simple.

1) Download the executable file from Github or compile the code yourself

2) Extract the running config and save it as a text file in UTF-8 format. At the moment the tool only allows inputs in this format.

parser1.png

3) Using PowerShell execute the program command with the desired input file.

parser2.png

4) Check the output files

parser3.png

vsx_provisioning_tool sample output

parser4.png

Interfaces JSON output

parser5.png

Routes JSON output

parser6.png

5) Add the desired header on the VSX output for vsx_provisioning_tool to create the VS. Example: add vd name VS-Name vsx VSX-FW instances 1 main_ip 172.1.2.3

6) Put the script in the management server that manages the involved VSX and use vsx_provisioning_tool to execute it

7) Verify the new VS and push policy.

 

Lab

Sample VSX Lab prior to the script

Example1.png

After we move the generated script to the management server we execute it.

If any of the commands fail then the transaction will be canceled and reversed.

User and passwords are for demonstration purposes only 😀

example2.png

Now check your VS and push policy

example3.png

 

____________
https://www.linkedin.com/in/federicomeiners/
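
The translation rules from the table in the post, written out as an added Go example; this is not the ASAtoVSX project's code. It assumes the Port-channel to bond naming mentioned in the post, uses constructed documentation-range addresses, and refuses any line whose address fields are not valid IPv4 so that a masked or truncated config never reaches vsx_provisioning_tool.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

const sample = `interface Port-channel1.20
 ip address 198.51.100.1 255.255.255.248
 shutdown
route OUTSIDE 0.0.0.0 0.0.0.0 203.0.113.1 1
route INSIDE 192.0.2.128 255.255.255.128 192.0.2.254 1` // constructed input, documentation-range addresses

// Translate maps ASA interfaces and static routes to vsx_provisioning_tool lines.
func Translate(cfg string) (out []string, err error) {
	name, down, cur := "", false, -1 // open interface, shutdown flag, its index in out
	for n, line := range strings.Split(cfg, "\n") {
		f := strings.Fields(line)
		var addrs []string // IPv4 fields on this line, validated before use
		switch {
		case len(f) == 2 && f[0] == "interface": // assumed naming: Port-channel -> bond
			name, down, cur = strings.Replace(f[1], "Port-channel", "bond", 1), false, -1
		case len(f) == 1 && f[0] == "shutdown":
			down = true
		case len(f) >= 4 && f[0] == "ip" && f[1] == "address" && name != "":
			addrs = f[2:4]
		case len(f) >= 5 && f[0] == "route": // a route line closes any interface block
			addrs, name, down, cur = f[2:5], "", false, -1
		}
		for _, a := range addrs {
			if net.ParseIP(a).To4() == nil {
				return nil, fmt.Errorf("line %d: invalid IPv4 value %q", n+1, a)
			}
		}
		if len(addrs) == 2 {
			out = append(out, fmt.Sprintf("add interface name %s ip %s netmask %s", name, addrs[0], addrs[1]))
			cur = len(out) - 1
		} else if len(addrs) == 3 && addrs[0] == "0.0.0.0" && addrs[1] == "0.0.0.0" {
			out = append(out, "add route destination default next_hop "+addrs[2])
		} else if len(addrs) == 3 {
			out = append(out, fmt.Sprintf("add route destination %s netmask %s next_hop %s", addrs[0], addrs[1], addrs[2]))
		}
		if down && cur >= 0 && !strings.HasPrefix(out[cur], "#") {
			out[cur] = "#" + out[cur] // shutdown interfaces are emitted commented out
		}
	}
	return out, nil
}
func main() { fmt.Println(Translate(sample)) }
```

The `shutdown` keyword is honoured whether it appears before or after `ip address` inside the interface block.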
3 Replies
Admin

Re: ASAtoVSX - Translate your Cisco running config to vsx_util and more!

Well done!
0 Kudos

Re: ASAtoVSX - Translate your Cisco running config to VSX and more!

This post requires a correction. You are using vsx_provisioning_tool and not vsx_util. These are two different tools, and the latter is for maintenance of VSX clusters and not for provisioning.

Please change the text of the post to reflect this.

0 Kudos

Re: ASAtoVSX - Translate your Cisco running config to VSX and more!

I've made the corrections, thanks!

____________
https://www.linkedin.com/in/federicomeiners/